European Commission Proposes New Anti-Cyber Crime Rules
The proposal will punish those who build, use, and sell tools and software designed to carry out cyber attacks, which have increased and grown more costly in recent years.
Building on the common policy for cyber defense that was adopted in April 2008 by NATO leaders, the European Commission on Sept. 30 proposed rules to improve EU member states' defenses and target those who build, use, and sell tools and software designed to carry out cyber attacks, including criminal groups that launch malware and botnets against sensitive information infrastructure in EU countries.
EU and NATO authorities started to rethink their common approach to telecommunications network protection after a 2007 attack against Estonia's public and private infrastructure temporarily froze online banking, pension payments, and some other activities.
"With the help of malicious software, it is possible to take control of a large number of computers and steal credit card numbers, find sensitive information, or launch large-scale attacks. It is time for us to step up our efforts against cyber crime, [which is] also often used by organized crime," said EU Home Affairs Commissioner Cecilia Malmstrom.
The commission's draft regulation aims to strengthen and extend the mandate of the European Network and Information Security Agency (ENISA), the EU agency dedicated to network security. ENISA will increase its awareness campaigns and its efforts to boost cooperation across member states.
"The EU's institutions and governments must work ever [more] closely together, to help us understand the nature and scale of the new cyber threats. We need ENISA's advice and support to help design efficient response mechanisms to protect our citizens and businesses online," said Neelie Kroes, the EU commissioner in charge of telecommunication networks.
Under existing rules, accessing and interfering with computers, servers, and data are criminal offenses.